VXLAN (RFC 7348) is a tunneling protocol that encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets (destination port 4789), so a Layer 2 segment can be stretched across a routed network.

Why VXLAN:

  • VLAN scalability - expands the VLAN name space
    • VLAN ID is 12 bits - 4096 values
    • VNI is 24 bits - 16,777,216 values
  • allows layer 2 multipathing
    • no STP, so no blocked links
    • uses layer 3 ECMP over a Clos (leaf/spine) fabric, like FabricPath did
  • allows for multi-tenancy
    • separation of customer traffic over a shared underlay fabric
    • allows for overlapping layer 2 and layer 3 addresses between tenants, because each tenant is isolated in its own VNI
    • VLAN IDs are locally significant to each VTEP - a segment could be VLAN 10 in one DC and VLAN 20 in another, as long as both map to the same VNI (and the hosts share the subnet)

Compared with the alternatives for scaling layer 2:

  • CE (classic Ethernet with STP) - only one uplink is active, the others are blocked
  • vPC - cannot scale out, limited to a pair of distribution switches
  • FabricPath - L2 only; MAC reachability is still flood-and-learn in the data plane (IS-IS only carries switch reachability); legacy now, superseded by VXLAN
  • VXLAN - the control plane can be optimized: with EVPN, MAC/IP reachability is advertised in BGP instead of flooded, ARP can be answered at the local VTEP, and a VTEP only learns MACs for the VNIs it hosts

VXLAN Terminology

  • Underlay Network - provides IP transport for VXLAN
    • routed fabric running OSPF/EIGRP/IS-IS (plus PIM if multicast replication is used)
    • only carries VTEP-to-VTEP IP traffic; it never sees tenant MACs
  • Overlay Network - the tenant network that uses the service provided by VXLAN
  • VXLAN - Virtual eXtensible LAN
  • VNI / VNID - VXLAN Network Identifier, the 24-bit field in the VXLAN header that replaces the VLAN ID
  • VTEP - VXLAN Tunnel End Point
    • box that performs VXLAN encap/decap
    • identified in the underlay by an IP address (the NVE source interface, normally a loopback)
    • hardware or software (Nexus 5600, N7K-M3, Nexus 1000v)
  • VXLAN Segment - the resulting L2 overlay network, one per VNI
  • VXLAN Gateway - device that forwards traffic between VXLAN segments, or between a VXLAN segment and a VLAN or routed network
  • NVE - Network Virtualization Edge
    • logical representation of the VTEP
    • NVE is the tunnel interface (interface nve1 on NX-OS)

VXLAN Encapsulation

  • VXLAN over UDP over IP: outer Ethernet / outer IP (src = local VTEP, dst = remote VTEP) / outer UDP (dst port 4789) / 8-byte VXLAN header / original Ethernet frame
    • VXLAN header = 8 bits of flags (the I bit must be set), 24 reserved bits, 24-bit VNI, 8 reserved bits
    • UDP source port is hashed from the inner frame, so the underlay can ECMP individual flows
    • adds 50 bytes of overhead (54 with an 802.1Q tag on the outer frame) - the underlay MTU has to be raised accordingly, jumbo frames in practice
    • no authentication or encryption in VXLAN itself: anything that can send UDP/4789 to a VTEP address can inject frames into a VNI, so VTEP addresses and UDP/4789 must be unreachable from tenant and external networks (or the underlay needs MACsec/IPsec)
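The layout above, as an added example that is not part of the original notes: it builds a VXLAN packet byte by byte (outer Ethernet, IPv4, UDP, VXLAN header, inner frame) and parses it back. The MAC and IP addresses, the VNI and the inner ARP frame are constructed for the demonstration; the optional trusted-VTEP check in the parser is this example's own hardening, not something the protocol provides.

```python
# Added example, not from the original notes: build and parse a VXLAN packet
# laid out as in RFC 7348 (outer Ethernet / IPv4 / UDP / VXLAN header / inner
# frame) so the header fields and the 50-byte overhead are visible. MAC and IP
# addresses used below are made up for the demonstration.
import struct
import zlib

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port
VXLAN_FLAG_I = 0x08        # "I" flag: VNI field is valid; receivers drop packets without it
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_UDP = 17


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def vxlan_header(vni):
    """8 bytes: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def vxlan_encapsulate(inner_frame, vni, src_vtep, dst_vtep, outer_src_mac, outer_dst_mac):
    """Wrap an Ethernet frame for transport from src_vtep to dst_vtep across the underlay."""
    # UDP source port derived from the inner headers: underlay ECMP spreads flows
    # while one flow stays on one path (RFC 7348 suggests the 49152-65535 range).
    src_port = 49152 + (zlib.crc32(inner_frame[:14]) % 16384)
    payload = vxlan_header(vni) + inner_frame
    # UDP checksum 0 (disabled) is allowed over IPv4
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     ip_bytes(src_vtep), ip_bytes(dst_vtep))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ethernet_frame(outer_dst_mac, outer_src_mac, ETHERTYPE_IPV4, ip + udp)


def vxlan_decapsulate(packet, trusted_vteps=None):
    """Parse a VXLAN packet into VNI, VTEP addresses and inner frame.

    trusted_vteps is this example's own check, not protocol behaviour: VXLAN has no
    authentication, so a receiving VTEP should only accept packets from known peers.
    """
    if struct.unpack("!H", packet[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    ip_off = 14
    ihl = (packet[ip_off] & 0x0F) * 4
    if packet[ip_off + 9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    src_vtep = ip_str(packet[ip_off + 12:ip_off + 16])
    dst_vtep = ip_str(packet[ip_off + 16:ip_off + 20])
    udp_off = ip_off + ihl
    _, dst_port, _, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    if trusted_vteps is not None and src_vtep not in trusted_vteps:
        raise ValueError("VXLAN from unknown VTEP %s dropped" % src_vtep)
    vx_off = udp_off + 8
    word0, word1 = struct.unpack("!II", packet[vx_off:vx_off + 8])
    if not ((word0 >> 24) & VXLAN_FLAG_I):
        raise ValueError("I flag not set, drop")
    inner = packet[vx_off + 8:]
    return {
        "vni": word1 >> 8,
        "src_vtep": src_vtep,
        "dst_vtep": dst_vtep,
        "inner_dst_mac": mac_str(inner[0:6]),
        "inner_src_mac": mac_str(inner[6:12]),
        "inner_frame": inner,
    }


# Constructed sample: a broadcast ARP request from host 00:00:5e:00:53:01,
# carried in VNI 10010 between VTEPs 10.0.0.1 and 10.0.0.2.
INNER = ethernet_frame("ff:ff:ff:ff:ff:ff", "00:00:5e:00:53:01", ETHERTYPE_ARP, b"\x00" * 28)
PACKET = vxlan_encapsulate(INNER, 10010, "10.0.0.1", "10.0.0.2",
                           "00:00:5e:00:53:aa", "00:00:5e:00:53:bb")


def encapsulation_overhead():
    """Bytes added by outer Ethernet (14) + IPv4 (20) + UDP (8) + VXLAN (8)."""
    return len(PACKET) - len(INNER)


if __name__ == "__main__":
    print(vxlan_decapsulate(PACKET))
    print("overhead bytes:", encapsulation_overhead())
```

Running it prints the parsed fields and 50 bytes of overhead, which is why an underlay MTU of 1500 cannot carry a full-size tenant frame. Feeding the same packet to `vxlan_decapsulate` with a trusted-VTEP set that does not include 10.0.0.1 raises, which is the behaviour a VTEP exposed to untrusted UDP/4789 senders would need.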

Basic VXLAN Workflow

  • Receive a frame (e.g. an ARP request) from a local host on an access port
    • the VLAN it arrives on is mapped to a VNI; the source MAC is learned locally
  • Find the remote VTEP that has the destination MAC
    • multicast flood and learn - unknown unicast / broadcast is sent to the VNI's multicast group in the underlay; remote MACs are learned from the source VTEP IP of decapsulated packets
    • ingress replication - the ingress VTEP unicasts a copy of BUM traffic to each peer VTEP in the VNI instead of using underlay multicast (peer list static, or learned from EVPN type-3 routes)
    • MP-BGP L2VPN EVPN - MAC/IP reachability is advertised by BGP (type-2 routes) before any traffic flows, which also allows ARP suppression at the local VTEP
  • Unicast the encapsulated frame to that VTEP
    • strip the 802.1Q VLAN tag
    • replace it with the VNID in the VXLAN header; the egress VTEP maps the VNI back to its own local VLAN
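The whole workflow, as an added example that is not part of the original notes: a toy model of one VTEP's forwarding decisions covering VLAN-to-VNI mapping at ingress, remote-VTEP lookup, BUM replication by either multicast group or ingress replication, flood-and-learn on decapsulation, and EVPN pre-population with ARP suppression. The `Vtep` class, its method names, the VNIs, VTEP addresses and host MACs are all constructed for the illustration; decisions come back as tuples rather than packets.

```python
# Added example, not from the original notes: a toy model of a VTEP's forwarding
# decisions for the workflow above - VLAN-to-VNI mapping at ingress, remote-VTEP
# lookup, BUM replication by multicast or ingress replication, and the two ways
# the remote MAC table gets filled (flood-and-learn on decapsulation, or MP-BGP
# EVPN MAC/IP routes). Addresses and VNIs are made up; decisions are returned as
# tuples instead of real packets.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Vtep:
    ip: str                      # underlay address of this VTEP (NVE source)
    vlan_to_vni: dict            # locally significant VLAN -> VNI
    bum: dict                    # VNI -> ("multicast", group) or ("ingress-replication", [peer VTEP ips])
    mac_table: dict = field(default_factory=dict)   # (VNI, MAC) -> "local" or remote VTEP ip
    arp_cache: dict = field(default_factory=dict)   # (VNI, IP) -> MAC, filled only from EVPN routes

    def vni_for(self, vlan):
        if vlan not in self.vlan_to_vni:
            raise ValueError("VLAN %d has no VNI mapping; frame dropped" % vlan)
        return self.vlan_to_vni[vlan]

    def ingress(self, vlan, src_mac, dst_mac, arp_target_ip=None):
        """Frame from a local host on an access port. Returns (action, vni, target)."""
        vni = self.vni_for(vlan)
        self.mac_table[(vni, src_mac)] = "local"          # learn the local host
        # EVPN ARP suppression: if BGP already told us the MAC for this IP, answer
        # the broadcast ARP request here instead of flooding it to every VTEP.
        if dst_mac == BROADCAST and (vni, arp_target_ip) in self.arp_cache:
            return ("arp-reply-locally", vni, self.arp_cache[(vni, arp_target_ip)])
        target = self.mac_table.get((vni, dst_mac))
        if target == "local":
            return ("bridge-locally", vni, None)
        if target is not None:
            # known remote MAC: 802.1Q tag stripped, VNI goes in the VXLAN header,
            # packet unicast to that VTEP's underlay address
            return ("unicast-encap", vni, target)
        kind, where = self.bum[vni]                       # unknown unicast / broadcast / multicast
        if kind == "multicast":
            return ("flood-multicast", vni, where)
        return ("flood-ingress-replication", vni, list(where))

    def decap(self, vni, src_vtep_ip, inner_src_mac):
        """Packet from the underlay. Flood-and-learn: bind inner source MAC to the sending VTEP."""
        local_vlans = [v for v, n in self.vlan_to_vni.items() if n == vni]
        if not local_vlans:
            return ("drop-unknown-vni", vni, None)        # this VTEP does not host the VNI
        self.mac_table[(vni, inner_src_mac)] = src_vtep_ip
        return ("deliver-to-vlan", vni, local_vlans[0])   # VNI mapped back to the local VLAN

    def import_evpn_mac_ip_route(self, vni, mac, ip, next_hop_vtep):
        """MP-BGP L2VPN EVPN type-2 (MAC/IP) route: reachability known before any traffic flows."""
        self.mac_table[(vni, mac)] = next_hop_vtep
        if ip is not None:
            self.arp_cache[(vni, ip)] = mac


def flood_and_learn_demo():
    """Leaf A: VLAN 10 -> VNI 10010, BUM via underlay multicast group 239.1.1.1."""
    leaf_a = Vtep("10.0.0.1", {10: 10010}, {10010: ("multicast", "239.1.1.1")})
    steps = []
    # h1 ARPs for h2: destination unknown, so the ARP request is flooded to the group
    steps.append(leaf_a.ingress(10, "00:00:5e:00:53:01", BROADCAST, arp_target_ip="192.0.2.2"))
    # h2's reply arrives encapsulated from leaf B; leaf A learns h2's MAC behind 10.0.0.2
    steps.append(leaf_a.decap(10010, "10.0.0.2", "00:00:5e:00:53:02"))
    # now h1 -> h2 is a known remote MAC: unicast VXLAN to leaf B
    steps.append(leaf_a.ingress(10, "00:00:5e:00:53:01", "00:00:5e:00:53:02"))
    # a VNI this leaf does not host is dropped on decapsulation
    steps.append(leaf_a.decap(20020, "10.0.0.3", "00:00:5e:00:53:99"))
    return steps


def evpn_demo():
    """Leaf B uses VLAN 20 for the same VNI 10010 (VLAN IDs are locally significant) and
    ingress replication; EVPN pre-populates MAC/IP so the ARP never leaves the leaf."""
    leaf_b = Vtep("10.0.0.2", {20: 10010}, {10010: ("ingress-replication", ["10.0.0.1", "10.0.0.3"])})
    leaf_b.import_evpn_mac_ip_route(10010, "00:00:5e:00:53:01", "192.0.2.1", "10.0.0.1")
    steps = []
    steps.append(leaf_b.ingress(20, "00:00:5e:00:53:02", BROADCAST, arp_target_ip="192.0.2.1"))
    steps.append(leaf_b.ingress(20, "00:00:5e:00:53:02", "00:00:5e:00:53:01"))
    # a broadcast for an IP that EVPN has not advertised still gets replicated to every peer
    steps.append(leaf_b.ingress(20, "00:00:5e:00:53:02", BROADCAST, arp_target_ip="192.0.2.77"))
    return steps


if __name__ == "__main__":
    for step in flood_and_learn_demo() + evpn_demo():
        print(step)
```

The two demos show the contrast the notes draw: with flood-and-learn the first ARP for every remote host leaves the leaf and the MAC table only fills in after a reply comes back, whereas with EVPN the table and ARP cache are filled from BGP and the broadcast is answered locally. The unknown-VNI drop in `decap` is the check a VTEP should perform regardless of mode, since the VNI is just a field in an unauthenticated UDP packet.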